{"id":323,"date":"2024-01-29T10:08:19","date_gmt":"2024-01-29T10:08:19","guid":{"rendered":"https:\/\/yashinfosec.com\/?page_id=323"},"modified":"2024-02-01T09:37:11","modified_gmt":"2024-02-01T09:37:11","slug":"kubernetes-crusade-lets-take-a-deep-dive-into-kubernetes-and-container-security","status":"publish","type":"page","link":"https:\/\/yashinfosec.com\/?page_id=323","title":{"rendered":"Kubernetes Crusade: Let&#8217;s Take a Deep Dive into Kubernetes and Container Security"},"content":{"rendered":"<div class=\"wp-block-post-author\"><div class=\"wp-block-post-author__avatar\"><img decoding=async data-opt-id=1548875979  fetchpriority=\"high\" alt='' src='https:\/\/secure.gravatar.com\/avatar\/47c41ba1e8b552436c6945effc63d9f982f86400a71dc3c6d8cf37cb518a3425?s=48&#038;d=mm&#038;r=g' srcset='https:\/\/secure.gravatar.com\/avatar\/47c41ba1e8b552436c6945effc63d9f982f86400a71dc3c6d8cf37cb518a3425?s=96&#038;d=mm&#038;r=g 2x' class='avatar avatar-48 photo' height='48' width='48' \/><\/div><div class=\"wp-block-post-author__content\"><p class=\"wp-block-post-author__byline\">Yaswanth Surya Chalamalasetty<\/p><p class=\"wp-block-post-author__name\">cyaswanthsurya@gmail.com<\/p><\/div><\/div>\n\n<form role=\"search\" method=\"get\" action=\"https:\/\/yashinfosec.com\/\" class=\"wp-block-search__button-outside wp-block-search__text-button wp-block-search\"    ><label class=\"wp-block-search__label\" for=\"wp-block-search__input-1\" >Search<\/label><div class=\"wp-block-search__inside-wrapper\" ><input class=\"wp-block-search__input\" id=\"wp-block-search__input-1\" placeholder=\"\" value=\"\" type=\"search\" name=\"s\" required \/><button aria-label=\"Search\" class=\"wp-block-search__button wp-element-button\" type=\"submit\" >Search<\/button><\/div><\/form>\n\n\n<p><strong>Welcome to my blog on Kubernetes Security which is a 2-week blog that covers some Theoretical and Practical Concepts\/Topics on Kubernetes Security<\/strong><\/p>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_80 ez-toc-wrap-left counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/yashinfosec.com\/?page_id=323\/#Day_1_Kubernetes_Container_Security\" >Day 1: Kubernetes &amp; Container Security<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/yashinfosec.com\/?page_id=323\/#Overview_of_Containers\" >Overview of Containers<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/yashinfosec.com\/?page_id=323\/#Background_information\" >Background information<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/yashinfosec.com\/?page_id=323\/#Virtualization\" >Virtualization<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/yashinfosec.com\/?page_id=323\/#Definition_of_Container\" >Definition of Container<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/yashinfosec.com\/?page_id=323\/#Building_Container_Images\" >Building Container Images<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/yashinfosec.com\/?page_id=323\/#Images_in_Containers\" >Images in Containers:<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/yashinfosec.com\/?page_id=323\/#Docker_images_vs_Docker_Containers\" >Docker images vs. Docker Containers<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/yashinfosec.com\/?page_id=323\/#Control_Groups_and_Namespaces\" >Control Groups and Namespaces<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/yashinfosec.com\/?page_id=323\/#Advantages_of_Using_Containers\" >Advantages of Using Containers<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/yashinfosec.com\/?page_id=323\/#Container_Orchestration\" >Container Orchestration<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/yashinfosec.com\/?page_id=323\/#Kubernetes\" >Kubernetes<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/yashinfosec.com\/?page_id=323\/#Day_2_Introduction_To_Container_Security\" >Day 2 Introduction To Container Security<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/yashinfosec.com\/?page_id=323\/#Container_Security\" >Container Security<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/yashinfosec.com\/?page_id=323\/#Importance_of_Container_Security\" >Importance of Container Security<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/yashinfosec.com\/?page_id=323\/#Container_Security_Best_Practices\" >Container Security Best Practices<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/yashinfosec.com\/?page_id=323\/#Practicals_on_Docker\" >Practicals on Docker<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/yashinfosec.com\/?page_id=323\/#Understanding_Docker_Layers\" >Understanding Docker Layers<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/yashinfosec.com\/?page_id=323\/#Day_3_Lab_Using_Dive_For_Secret_Exfiltration\" >Day 3: Lab: Using Dive For Secret Exfiltration<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-20\" href=\"https:\/\/yashinfosec.com\/?page_id=323\/#Lab_Scenario\" >Lab Scenario<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-21\" href=\"https:\/\/yashinfosec.com\/?page_id=323\/#Lab_Pre-requisites\" >Lab Pre-requisites:<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Day_1_Kubernetes_Container_Security\"><\/span>Day 1: Kubernetes &amp; Container Security<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img data-opt-id=1798684372  fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"724\" src=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:724\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/conatiners.png\" alt=\"\" class=\"wp-image-324\" srcset=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:724\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/conatiners.png 1024w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:300\/h:212\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/conatiners.png 300w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:768\/h:543\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/conatiners.png 768w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:900\/h:636\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/conatiners.png 900w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:500\/h:354\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/conatiners.png 500w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1140\/h:806\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/conatiners.png 1140w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Overview_of_Containers\"><\/span>Overview of Containers<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Containers are transforming modern application infrastructure.<\/li>\n\n\n\n<li>Understanding Containers, Docker, and Kubernetes is required to build modern cloud-native apps and also to modernize the existing legacy applications.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Background_information\"><\/span>Background information<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Scenario<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Imagine you are building a web service on a Ubuntu machine and your code works as expected on your local machine.<\/li>\n\n\n\n<li>You attempt to run the same code on a remote server in your data centre by copying the local binaries, but it fails to work.<\/li>\n\n\n\n<li>The failure to run the code on the remote server can be due to several reasons such as differences in the operating system, missing required binaries, libraries and files, or incompatible software installed on the remote server (e.g. a different version of Python or Java interpreter).<\/li>\n\n\n\n<li>This scenario highlights the challenges of running code in a different environment and the high importance of ensuring that the necessary dependencies and configurations are properly managed.<\/li>\n<\/ul>\n\n\n\n<blockquote class=\"wp-block-quote has-text-align-left is-layout-flow wp-block-quote-is-layout-flow\">\n<p><\/p>\n<cite>Virtualization Facilitates running multiple OS on a single computer<\/cite><\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Virtualization\"><\/span>Virtualization<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Virtualization refers to running a virtual version of an operating system using Hypervisor.<\/li>\n\n\n\n<li>Each VM requires its Operating system which increases storage and memory overhead while running the VM. As a result, Virtual Machines became heavyweight &amp; increased the system&#8217;s complexity.<\/li>\n\n\n\n<li>To overcome these problems, virtualization was introduced at the Operating System level called &#8220;Containerization&#8221;.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img data-opt-id=253525175  data-opt-src=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:654\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/vmvscontainer.png\"  decoding=\"async\" width=\"1024\" height=\"654\" src=\"data:image/svg+xml,%3Csvg%20viewBox%3D%220%200%201024%20654%22%20width%3D%221024%22%20height%3D%22654%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20width%3D%221024%22%20height%3D%22654%22%20fill%3D%22transparent%22%2F%3E%3C%2Fsvg%3E\" alt=\"\" class=\"wp-image-328\" old-srcset=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:654\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/vmvscontainer.png 1024w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:300\/h:191\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/vmvscontainer.png 300w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:768\/h:490\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/vmvscontainer.png 768w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1536\/h:980\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/vmvscontainer.png 1536w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:900\/h:574\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/vmvscontainer.png 900w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:500\/h:319\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/vmvscontainer.png 500w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1691\/h:1080\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/vmvscontainer.png 1952w\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Definition_of_Container\"><\/span>Definition of Container<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A container can be thought of as a self-contained unit of software. It contains all the necessary components of a project or service, including dependencies.<\/li>\n\n\n\n<li>The purpose of this encapsulation is to keep the contents isolated from the host system, ensuring that any changes made within the container will not affect the host.<\/li>\n\n\n\n<li>By using containers, you can run a single service or an entire development environment in an isolated and streamlined manner.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-pullquote\"><blockquote><p>Docker and Containers<\/p><cite>Docker can be thought of as a tool for managing containers, while containers provide an isolated environment for running applications.<\/cite><\/blockquote><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Building_Container_Images\"><\/span>Building Container Images<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><img data-opt-id=781586846  data-opt-src=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:416\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/buildimages.png\"  decoding=\"async\" width=\"1024\" height=\"416\" src=\"data:image/svg+xml,%3Csvg%20viewBox%3D%220%200%201024%20416%22%20width%3D%221024%22%20height%3D%22416%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20width%3D%221024%22%20height%3D%22416%22%20fill%3D%22transparent%22%2F%3E%3C%2Fsvg%3E\" alt=\"\" class=\"wp-image-331\" old-srcset=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:416\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/buildimages.png 1024w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:300\/h:122\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/buildimages.png 300w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:768\/h:312\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/buildimages.png 768w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1536\/h:623\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/buildimages.png 1536w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:900\/h:365\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/buildimages.png 900w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:500\/h:203\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/buildimages.png 500w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1848\/h:750\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/buildimages.png 1848w\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Images_in_Containers\"><\/span>Images in Containers:<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Images are created by following a series of instructions provided in the Dockerfile.<\/li>\n\n\n\n<li>During the image-building process, each command creates a layer that contributes to the final image.<\/li>\n\n\n\n<li>The final layer determines the command that should be executed once a container is initiated.<\/li>\n\n\n\n<li>Images do not necessarily need to be stored or built on just your local machine.<\/li>\n\n\n\n<li>Containers are meant to be deployable anywhere and thus we should be able to access our images from any physical machine.<\/li>\n\n\n\n<li>Registries are used to remotely store and access images, privately as well as publicly.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Docker_images_vs_Docker_Containers\"><\/span>Docker images vs. Docker Containers<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A Docker image acts as a blueprint or template, while a Docker container is an active instance of that blueprint.<\/li>\n\n\n\n<li>To create an image with your application&#8217;s code, you create a text file named Dockerfile that lists the necessary commands. The Docker builder uses this file to build the image. After building the image, you can store it in a container registry for version control.<\/li>\n\n\n\n<li>To run a Docker image, you must either build it locally or retrieve it from a registry.<\/li>\n<\/ul>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>DockerHub is a widely-used public registry, but private option like Amazon Elastic Container Registry and Azure Container Registry are also available to keep your images secure.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Control_Groups_and_Namespaces\"><\/span>Control Groups and Namespaces<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><img data-opt-id=565918947  data-opt-src=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:499\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/cgroups.png\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"499\" src=\"data:image/svg+xml,%3Csvg%20viewBox%3D%220%200%201024%20499%22%20width%3D%221024%22%20height%3D%22499%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20width%3D%221024%22%20height%3D%22499%22%20fill%3D%22transparent%22%2F%3E%3C%2Fsvg%3E\" alt=\"\" class=\"wp-image-337\" old-srcset=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:499\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/cgroups.png 1024w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:300\/h:146\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/cgroups.png 300w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:768\/h:374\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/cgroups.png 768w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1536\/h:749\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/cgroups.png 1536w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1920\/h:935\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/cgroups.png 2048w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:900\/h:439\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/cgroups.png 900w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:500\/h:244\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/cgroups.png 500w\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Control Groups (cgroups): Control groups are used to limit, prioritize, and allocate resources such as CPU, memory, and 1\/0 bandwidth to a group of processes. They allow for fine-grained control over the distribution of resources in a Linux system, making it possible to ensure that one group of processes does not interfere with others.<\/li>\n\n\n\n<li>Namespaces: Namespaces are used to provide an isolated view of the system resources to a group of processes. Each namespace provides a separate view of the system, including process IDs, network interfaces, file systems, and other resources. This isolation ensures that changes made within a namespace do not affect the rest of the system.<\/li>\n\n\n\n<li>Additionally, the idea of namespace isolation was incorporated into cgroups. This was similar to the already existing process isolation feature. The namespace isolation ensures isolation between processes in the cgroup namespaces.<br>\n<ul class=\"wp-block-list\">\n<li> PID namespace: Processes in one namespace are not aware of processes in another namespace<\/li>\n\n\n\n<li>Mount namespace: Process in one namespace can&#8217;t access the filesystem mounted in another namespace<\/li>\n\n\n\n<li>User namespace: User processes can have certain privileges within a namespace but may have different privileges outside that namespace.<\/li>\n\n\n\n<li>Interprocess communication (IPC) namespace: IPCs handle the communication between processes by using shared memory areas, message queues, and semaphores (used mostly in DBs). When a program needs to store information for a short time, it asks the operating system to reserve a certain amount of random access memory (RAM) to its process.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Most Common used linux namespaces: PID, Mount(MNT), User, Net, Unix Timesharing System(uts namespace), User, IPC.<\/p>\n<\/blockquote>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Advantages_of_Using_Containers\"><\/span>Advantages of Using Containers<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ease of deployment is the biggest advantage of containers as they are easily deployable on a variety of systems, due to their isolation.<\/li>\n\n\n\n<li>Run multiple services on one machine<\/li>\n\n\n\n<li>Isolation from the host operating system prevents unwanted user access to the host&#8217;s file system<\/li>\n\n\n\n<li>Containers are extremely lightweight in memory requirements that virtual machines<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Container_Orchestration\"><\/span>Container Orchestration<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Container Orchestration is the automation of the operational efforts like deployment, management, scaling and networking required to run containerized workloads. Scalability, Reliability &amp; Operability are the three cornerstones of any distributed system.<\/li>\n\n\n\n<li>Container Orchestration tools provide a way for managing containers and microservices architecture<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Kubernetes\"><\/span>Kubernetes<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<figure class=\"wp-block-image size-full\"><img data-opt-id=375492862  data-opt-src=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:auto\/h:auto\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/k8s.png\"  loading=\"lazy\" decoding=\"async\" width=\"960\" height=\"800\" src=\"data:image/svg+xml,%3Csvg%20viewBox%3D%220%200%20100%%20100%%22%20width%3D%22100%%22%20height%3D%22100%%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20width%3D%22100%%22%20height%3D%22100%%22%20fill%3D%22transparent%22%2F%3E%3C%2Fsvg%3E\" alt=\"\" class=\"wp-image-341\" old-srcset=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:960\/h:800\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/k8s.png 960w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:300\/h:250\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/k8s.png 300w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:768\/h:640\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/k8s.png 768w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:900\/h:750\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/k8s.png 900w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:500\/h:417\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/k8s.png 500w\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Kubernetes is an orchestration engine that solves the problems associated with deploying and scheduling and simplifies the management of containers in the cloud.<\/li>\n\n\n\n<li>Kubernetes is backed by Google&#8217;s experience of running workloads at huge scale in production over the past 15 years.<\/li>\n<\/ul>\n\n\n\n<p><strong><em>This is just the beginning of a long cruise sail&#8230;&#8230;&#8230; Be Ready for this exciting journey<\/em><\/strong><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Day_2_Introduction_To_Container_Security\"><\/span>Day 2 Introduction To Container Security<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p><strong><h3><span class=\"ez-toc-section\" id=\"Container_Security\"><\/span>Container Security<span class=\"ez-toc-section-end\"><\/span><\/h3><\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A Single Container can contain multiple vulnerabilities, which can lead to security incidents.<\/li>\n\n\n\n<li>Securing Containers requires a continuous security strategy that must be integrated into the entire software development process.<\/li>\n\n\n\n<li>This includes securing the build pipeline, the container images, the machines hosting the containers, the runtime systems(such as Docker or Containerd), the container platform, and the application layers.<\/li>\n<\/ul>\n\n\n\n<p><strong><h3><span class=\"ez-toc-section\" id=\"Importance_of_Container_Security\"><\/span>Importance of Container Security<span class=\"ez-toc-section-end\"><\/span><\/h3><\/strong><\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>The security of containers is crucial as the images holds all the components that will rin the application.<\/p>\n<\/blockquote>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Risk of Vulnerabilities:<\/strong> The presence of vulnerabilities in the container image increases the risk and potential harm of security issues during production.<\/li>\n\n\n\n<li><strong>Monitoring Production: <\/strong>To minimize these risks it is essential to monitor production.<\/li>\n\n\n\n<li><strong>Building Secure Images: <\/strong>Creating images without vulnerabilities or elevated privileges can help improve security.<\/li>\n\n\n\n<li><strong>Monitoring Runtime: <\/strong>Despite having secure images, it is still necessary to monitor what is happening during runtime.<\/li>\n\n\n\n<li><strong>Essential for Safe Deployments: <\/strong>Ensuring the security of containers is a critical aspect of safe and successful deployments.<\/li>\n\n\n\n<li><strong>Protecting Data:<\/strong> Securing containers can help protect sensitive data and prevent unauthorized access.<\/li>\n\n\n\n<li><strong>Maintaining Trust:<\/strong> Maintaining the security of containers is important in building and maintaining the trust of customers, stakeholders, and partners.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Container_Security_Best_Practices\"><\/span>Container Security Best Practices<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Securing Images<\/strong>: Containers are created using container images, thus the attack surface can be minimized by including only essential application code and dependencies in the image and removing any tools or libraries that are not required. Also, always trusted images should be used.<\/li>\n\n\n\n<li><strong>Securing Registries:<\/strong> Implement security controls for a private container registry to protect images. Ensure integrity and establish strict access control.<\/li>\n\n\n\n<li><strong>Securing Deployment:<\/strong> Ensure the target environment is secure by hardening the operating system, setting up VPC, security groups, and firewall rules, and restricting access to container resources.<\/li>\n\n\n\n<li><strong>Automated Testing:<\/strong> Use automated testing via Clair, anchor to detect vulnerabilities in the code and environment before deployment.<\/li>\n\n\n\n<li><strong>Continuous Monitoring:<\/strong> Continuously monitor containers, host systems, and the environment for security threats and vulnerabilities.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Practicals_on_Docker\"><\/span>Practicals on Docker<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Ladies and Gentlemen get ready prep yourself to explore <strong>Docker Playground<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img data-opt-id=1866718062  data-opt-src=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:683\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/docker-cheatsheet.png\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"683\" src=\"data:image/svg+xml,%3Csvg%20viewBox%3D%220%200%201024%20683%22%20width%3D%221024%22%20height%3D%22683%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20width%3D%221024%22%20height%3D%22683%22%20fill%3D%22transparent%22%2F%3E%3C%2Fsvg%3E\" alt=\"\" class=\"wp-image-390\" old-srcset=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:683\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/docker-cheatsheet.png 1024w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:300\/h:200\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/docker-cheatsheet.png 300w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:768\/h:512\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/docker-cheatsheet.png 768w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:900\/h:600\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/docker-cheatsheet.png 900w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:500\/h:333\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/docker-cheatsheet.png 500w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1080\/h:720\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/docker-cheatsheet.png 1080w\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Understanding_Docker_Layers\"><\/span>Understanding Docker Layers<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p><strong>Docker Layers:<\/strong><\/p>\n\n\n\n<p>A Docker build consists of a series of ordered build instructions, docker layers are files that result from executing a command. Layers offer the benefit of being reusable by multiple images, saving disk space and reducing the time it takes to build images, while still preserving their integrity.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img data-opt-id=2022993253  data-opt-src=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:595\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/docker-layer.png\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"595\" src=\"data:image/svg+xml,%3Csvg%20viewBox%3D%220%200%201024%20595%22%20width%3D%221024%22%20height%3D%22595%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20width%3D%221024%22%20height%3D%22595%22%20fill%3D%22transparent%22%2F%3E%3C%2Fsvg%3E\" alt=\"\" class=\"wp-image-393\" old-srcset=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:595\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/docker-layer.png 1024w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:300\/h:174\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/docker-layer.png 300w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:768\/h:446\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/docker-layer.png 768w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:900\/h:523\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/docker-layer.png 900w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:500\/h:291\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/docker-layer.png 500w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1098\/h:638\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/docker-layer.png 1098w\" \/><\/figure>\n\n\n\n<p><strong>Basics of Dockerfile:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A Dockerfile is a plain text file that contains instructions to build an image.<\/li>\n\n\n\n<li>The Dockerfile is essential as it specifies what should be downloaded, the arguments that need to be run after building the image, and how to configure the image.<\/li>\n\n\n\n<li>By executing the same steps repeatedly, Dockerfile can be used to create clean images that are consistent across multiple builds.<\/li>\n<\/ul>\n\n\n\n<p><strong>Demo Using Dockerfile?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A Dockerfile is a text file that contains a set of instructions for building a Docker image. Each instruction in the Dockerfile provides a step in the image-building process.<\/li>\n\n\n\n<li>Typical Dockerfile:<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>FROM httpd:latest\nLABEL maintainer=\"Security Dojo&lt;namaste@securitydojo.co.in&gt;\"\nLABEL version=\"1.0\"\nLABEL description=\"This is a sample Docker image.\"\nEXPOSE 80\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Explanation of Dockerfile:\n<ul class=\"wp-block-list\">\n<li> FROM\u2014The base image can be Ubuntu, Redis, MySQL, etc.<\/li>\n\n\n\n<li>LABEL\u2014Labeling like EMAIL, AUTHOR, etc.<\/li>\n\n\n\n<li>EXPOSE &#8211; The expose keyword in a Dockerfile tells Docker that a container listens for traffic on the specified port.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>The instructions in a Dockerfile are executed in order from top to bottom. Each instruction creates a new layer in the image, which is cached and can be reused in subsequent builds if the Dockerfile has not changed.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-video\"><video height=\"1080\" style=\"aspect-ratio: 1920 \/ 1080;\" width=\"1920\" autoplay controls src=\"https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/Project-1.mp4\"><\/video><\/figure>\n\n\n\n<p><strong>Demo on Docker commands and their usage<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Day_3_Lab_Using_Dive_For_Secret_Exfiltration\"><\/span>Day 3: Lab: Using Dive For Secret Exfiltration<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Lab_Scenario\"><\/span>Lab Scenario<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The Lab Scenario uses the open-source Dive tool for layer analysis.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Lab_Pre-requisites\"><\/span>Lab Pre-requisites:<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Ubuntu Server.<\/li>\n\n\n\n<li>Install Docker.io and Docker Compose.<\/li>\n\n\n\n<li>Deploy Portainer (This is an optional step).<\/li>\n\n\n\n<li>Tool: <a href=\"https:\/\/github.com\/wagoodman\/dive\">Dive<\/a><\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-verse\">Commands\n\nmkdir 3.3.2_dive\n\ncd 3.3.2_dive\n\nwget https:\/\/github.com\/wagoodman\/dive\/releases\/download\/v0.9.2\/dive_0.9.2_linux_amd64.deb<\/pre>\n\n\n\n<figure class=\"wp-block-image size-large\"><img data-opt-id=802344097  data-opt-src=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:228\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive1.png\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"228\" src=\"data:image/svg+xml,%3Csvg%20viewBox%3D%220%200%201024%20228%22%20width%3D%221024%22%20height%3D%22228%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20width%3D%221024%22%20height%3D%22228%22%20fill%3D%22transparent%22%2F%3E%3C%2Fsvg%3E\" alt=\"\" class=\"wp-image-402\" old-srcset=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:228\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive1.png 1024w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:300\/h:67\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive1.png 300w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:768\/h:171\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive1.png 768w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1536\/h:342\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive1.png 1536w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1920\/h:427\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive1.png 2048w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:900\/h:201\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive1.png 900w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:500\/h:111\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive1.png 500w\" \/><\/figure>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>sudo ap install .\/dive_0.9.2_linux_amd64.deb &amp;&amp; rm dive_0.9.2_linux_amd64.deb<\/p>\n<cite>rm dive_0.9.2_linux_amd64.deb will delete the binary after installation<\/cite><\/blockquote>\n\n\n\n<p>Run Dive to download the Docker image. By default, the latest tag will be downloaded.<\/p>\n\n\n\n<p>By default latest tag is used when pulling the image from the docker repository instead we need to use v1.1 tag <\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Dive justmorpheu5\/vulnerable-deepdive:v1.1<\/p>\n<\/blockquote>\n\n\n\n<figure class=\"wp-block-image size-large\"><img data-opt-id=2035041862  data-opt-src=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:399\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive4.png\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"399\" src=\"data:image/svg+xml,%3Csvg%20viewBox%3D%220%200%201024%20399%22%20width%3D%221024%22%20height%3D%22399%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20width%3D%221024%22%20height%3D%22399%22%20fill%3D%22transparent%22%2F%3E%3C%2Fsvg%3E\" alt=\"\" class=\"wp-image-403\" old-srcset=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:399\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive4.png 1024w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:300\/h:117\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive4.png 300w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:768\/h:299\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive4.png 768w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1536\/h:598\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive4.png 1536w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:900\/h:351\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive4.png 900w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:500\/h:195\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive4.png 500w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1612\/h:628\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive4.png 1612w\" \/><\/figure>\n\n\n\n<p>Analyze each layer of the Docker image. The app.py file can be viewed by navigating using the arrow key, on the <em>12th layer<\/em>.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Press <strong>ctrl+ c<\/strong> to exit from dive<\/p>\n<\/blockquote>\n\n\n\n<figure class=\"wp-block-image size-large\"><img data-opt-id=385364951  data-opt-src=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:666\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive5.png\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"666\" src=\"data:image/svg+xml,%3Csvg%20viewBox%3D%220%200%201024%20666%22%20width%3D%221024%22%20height%3D%22666%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20width%3D%221024%22%20height%3D%22666%22%20fill%3D%22transparent%22%2F%3E%3C%2Fsvg%3E\" alt=\"\" class=\"wp-image-404\" old-srcset=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:666\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive5.png 1024w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:300\/h:195\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive5.png 300w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:768\/h:499\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive5.png 768w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1536\/h:999\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive5.png 1536w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1660\/h:1080\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive5.png 2048w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:900\/h:585\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive5.png 900w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:500\/h:325\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive5.png 500w\" \/><\/figure>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Let&#8217;s save the Docker image as a backup.tar file.<\/p>\n\n\n\n<p>docker save justmorpheus5\/vulnerable-deepdive:v1.1 -o backup.tar<\/p>\n<cite>ls<\/cite><\/blockquote>\n\n\n\n<figure class=\"wp-block-image size-large\"><img data-opt-id=929918479  data-opt-src=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:155\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive6.png\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"155\" src=\"data:image/svg+xml,%3Csvg%20viewBox%3D%220%200%201024%20155%22%20width%3D%221024%22%20height%3D%22155%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20width%3D%221024%22%20height%3D%22155%22%20fill%3D%22transparent%22%2F%3E%3C%2Fsvg%3E\" alt=\"\" class=\"wp-image-405\" old-srcset=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:155\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive6.png 1024w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:300\/h:45\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive6.png 300w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:768\/h:116\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive6.png 768w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1536\/h:233\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive6.png 1536w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:900\/h:136\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive6.png 900w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:500\/h:76\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive6.png 500w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1900\/h:288\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive6.png 1900w\" \/><\/figure>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Extract the tar file using the tar command.<\/p>\n<cite>mkdir dive &amp;&amp; mv backup. tar dive &amp;&amp; cd dive &amp;&amp; Is<br><br>tar -xvf backup.tar<\/cite><\/blockquote>\n\n\n\n<figure class=\"wp-block-image size-large\"><img data-opt-id=1345296488  data-opt-src=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:866\/h:1024\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive8.png\"  loading=\"lazy\" decoding=\"async\" width=\"866\" height=\"1024\" src=\"data:image/svg+xml,%3Csvg%20viewBox%3D%220%200%20866%201024%22%20width%3D%22866%22%20height%3D%221024%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20width%3D%22866%22%20height%3D%221024%22%20fill%3D%22transparent%22%2F%3E%3C%2Fsvg%3E\" alt=\"\" class=\"wp-image-406\" old-srcset=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:866\/h:1024\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive8.png 866w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:254\/h:300\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive8.png 254w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:768\/h:908\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive8.png 768w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:913\/h:1080\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive8.png 1299w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:900\/h:1064\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive8.png 900w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:500\/h:591\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive8.png 500w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:913\/h:1080\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive8.png 1566w\" \/><\/figure>\n\n\n\n<p>Navigate to the extracted folder starting with<\/p>\n\n\n\n<p>2fe6fa1e73b8\u00d888993e857194e6ca9add9ceb77f\u00f8e248e\u00d828f9f73bcd37e37b5\/<strong><br><br>cd 2fe6fa1e73b8\u00d888993e857194e6ca9add9ceb77f\u00f8e248e\u00d828f9f73bcd37e37b5\/<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img data-opt-id=1387294859  data-opt-src=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:102\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive9.png\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"102\" src=\"data:image/svg+xml,%3Csvg%20viewBox%3D%220%200%201024%20102%22%20width%3D%221024%22%20height%3D%22102%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20width%3D%221024%22%20height%3D%22102%22%20fill%3D%22transparent%22%2F%3E%3C%2Fsvg%3E\" alt=\"\" class=\"wp-image-407\" old-srcset=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:102\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive9.png 1024w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:300\/h:30\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive9.png 300w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:768\/h:77\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive9.png 768w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1536\/h:153\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive9.png 1536w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:900\/h:90\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive9.png 900w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:500\/h:50\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive9.png 500w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1920\/h:191\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive9.png 2022w\" \/><\/figure>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Extract the layer.tar file and display the app.py file.<\/p>\n<cite>tar -xvf layer. tar<br>cat tmp\/app.py<\/cite><\/blockquote>\n\n\n\n<figure class=\"wp-block-image size-large\"><img data-opt-id=876895383  data-opt-src=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:304\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive10.png\"  loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"304\" src=\"data:image/svg+xml,%3Csvg%20viewBox%3D%220%200%201024%20304%22%20width%3D%221024%22%20height%3D%22304%22%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Crect%20width%3D%221024%22%20height%3D%22304%22%20fill%3D%22transparent%22%2F%3E%3C%2Fsvg%3E\" alt=\"\" class=\"wp-image-408\" old-srcset=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:304\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive10.png 1024w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:300\/h:89\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive10.png 300w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:768\/h:228\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive10.png 768w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1536\/h:456\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive10.png 1536w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1920\/h:570\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive10.png 2048w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:900\/h:267\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive10.png 900w, https:\/\/mlefs6wcwvfi.i.optimole.com\/w:500\/h:149\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/02\/dive10.png 500w\" \/><\/figure>\n\n\n\n<p>now check the file for AWS Credentials, AWS_ACCESS_KEY_ID &amp; AWS_SECRET_ACCESS_KEY<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to my blog on Kubernetes Security which is a 2-week blog that covers some Theoretical and Practical Concepts\/Topics on Kubernetes Security<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"open","ping_status":"closed","template":"","meta":{"iawp_total_views":49,"footnotes":""},"class_list":{"0":"post-323","1":"page","2":"type-page","3":"status-publish","5":"col-md-12"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Kubernetes Crusade: Let&#039;s Take a Deep Dive into Kubernetes and Container Security - yashinfosec.com<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/yashinfosec.com\/?page_id=323\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Kubernetes Crusade: Let&#039;s Take a Deep Dive into Kubernetes and Container Security - yashinfosec.com\" \/>\n<meta property=\"og:description\" content=\"Welcome to my blog on Kubernetes Security which is a 2-week blog that covers some Theoretical and Practical Concepts\/Topics on Kubernetes Security\" \/>\n<meta property=\"og:url\" content=\"https:\/\/yashinfosec.com\/?page_id=323\" \/>\n<meta property=\"og:site_name\" content=\"yashinfosec.com\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-01T09:37:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:724\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/conatiners.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/yashinfosec.com\/?page_id=323\",\"url\":\"https:\/\/yashinfosec.com\/?page_id=323\",\"name\":\"Kubernetes Crusade: Let's Take a Deep Dive into Kubernetes and Container Security - yashinfosec.com\",\"isPartOf\":{\"@id\":\"https:\/\/yashinfosec.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/yashinfosec.com\/?page_id=323#primaryimage\"},\"image\":{\"@id\":\"https:\/\/yashinfosec.com\/?page_id=323#primaryimage\"},\"thumbnailUrl\":\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:724\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/conatiners.png\",\"datePublished\":\"2024-01-29T10:08:19+00:00\",\"dateModified\":\"2024-02-01T09:37:11+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/yashinfosec.com\/?page_id=323#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/yashinfosec.com\/?page_id=323\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/yashinfosec.com\/?page_id=323#primaryimage\",\"url\":\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:auto\/h:auto\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/conatiners.png\",\"contentUrl\":\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:auto\/h:auto\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/conatiners.png\",\"width\":1140,\"height\":806},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/yashinfosec.com\/?page_id=323#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/yashinfosec.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Kubernetes Crusade: Let&#8217;s Take a Deep Dive into Kubernetes and Container Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/yashinfosec.com\/#website\",\"url\":\"https:\/\/yashinfosec.com\/\",\"name\":\"yashinfosec.com\",\"description\":\"Explore Security In-depth\",\"publisher\":{\"@id\":\"https:\/\/yashinfosec.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/yashinfosec.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/yashinfosec.com\/#organization\",\"name\":\"yashinfosec.com\",\"url\":\"https:\/\/yashinfosec.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/yashinfosec.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:auto\/h:auto\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2023\/03\/cropped-logo-1.png\",\"contentUrl\":\"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:auto\/h:auto\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2023\/03\/cropped-logo-1.png\",\"width\":250,\"height\":250,\"caption\":\"yashinfosec.com\"},\"image\":{\"@id\":\"https:\/\/yashinfosec.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Kubernetes Crusade: Let's Take a Deep Dive into Kubernetes and Container Security - yashinfosec.com","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/yashinfosec.com\/?page_id=323","og_locale":"en_US","og_type":"article","og_title":"Kubernetes Crusade: Let's Take a Deep Dive into Kubernetes and Container Security - yashinfosec.com","og_description":"Welcome to my blog on Kubernetes Security which is a 2-week blog that covers some Theoretical and Practical Concepts\/Topics on Kubernetes Security","og_url":"https:\/\/yashinfosec.com\/?page_id=323","og_site_name":"yashinfosec.com","article_modified_time":"2024-02-01T09:37:11+00:00","og_image":[{"url":"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:724\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/conatiners.png","type":"","width":"","height":""}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/yashinfosec.com\/?page_id=323","url":"https:\/\/yashinfosec.com\/?page_id=323","name":"Kubernetes Crusade: Let's Take a Deep Dive into Kubernetes and Container Security - yashinfosec.com","isPartOf":{"@id":"https:\/\/yashinfosec.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/yashinfosec.com\/?page_id=323#primaryimage"},"image":{"@id":"https:\/\/yashinfosec.com\/?page_id=323#primaryimage"},"thumbnailUrl":"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:1024\/h:724\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/conatiners.png","datePublished":"2024-01-29T10:08:19+00:00","dateModified":"2024-02-01T09:37:11+00:00","breadcrumb":{"@id":"https:\/\/yashinfosec.com\/?page_id=323#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/yashinfosec.com\/?page_id=323"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/yashinfosec.com\/?page_id=323#primaryimage","url":"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:auto\/h:auto\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/conatiners.png","contentUrl":"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:auto\/h:auto\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2024\/01\/conatiners.png","width":1140,"height":806},{"@type":"BreadcrumbList","@id":"https:\/\/yashinfosec.com\/?page_id=323#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/yashinfosec.com\/"},{"@type":"ListItem","position":2,"name":"Kubernetes Crusade: Let&#8217;s Take a Deep Dive into Kubernetes and Container Security"}]},{"@type":"WebSite","@id":"https:\/\/yashinfosec.com\/#website","url":"https:\/\/yashinfosec.com\/","name":"yashinfosec.com","description":"Explore Security In-depth","publisher":{"@id":"https:\/\/yashinfosec.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/yashinfosec.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/yashinfosec.com\/#organization","name":"yashinfosec.com","url":"https:\/\/yashinfosec.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/yashinfosec.com\/#\/schema\/logo\/image\/","url":"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:auto\/h:auto\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2023\/03\/cropped-logo-1.png","contentUrl":"https:\/\/mlefs6wcwvfi.i.optimole.com\/w:auto\/h:auto\/q:mauto\/ig:avif\/https:\/\/yashinfosec.com\/wp-content\/uploads\/2023\/03\/cropped-logo-1.png","width":250,"height":250,"caption":"yashinfosec.com"},"image":{"@id":"https:\/\/yashinfosec.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/yashinfosec.com\/index.php?rest_route=\/wp\/v2\/pages\/323","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/yashinfosec.com\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/yashinfosec.com\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/yashinfosec.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/yashinfosec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=323"}],"version-history":[{"count":49,"href":"https:\/\/yashinfosec.com\/index.php?rest_route=\/wp\/v2\/pages\/323\/revisions"}],"predecessor-version":[{"id":410,"href":"https:\/\/yashinfosec.com\/index.php?rest_route=\/wp\/v2\/pages\/323\/revisions\/410"}],"wp:attachment":[{"href":"https:\/\/yashinfosec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=323"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}